《加密与解密》PE文件格式那章的问题
发表于:
2010-1-14 21:12
在编写PE文件分析工具那里,有一个ShowExportFuncsinfo,
这里
pwOrds = (PWORD)RvaToPtr(pNtH, stMapFile.ImageBase,pExportDir->AddressOfNameOrdinals);
为什么要定义成PWORD?AddressOfNameOrdinals不是DWORD类型的么?为哈么用WORD类型的指针?
pwOrds = (PWORD)RvaToPtr(pNtH, stMapFile.ImageBase,pExportDir->AddressOfNameOrdinals);
pdwRvas = (PDWORD)RvaToPtr(pNtH, stMapFile.ImageBase,pExportDir->AddressOfFunctions); //va
pdwNames = (PDWORD)RvaToPtr(pNtH, stMapFile.ImageBase,pExportDir->AddressOfNames);
if(!pdwRvas)
return;
hList=GetDlgItem(hDlg,IDC_EXPORT_LIST);
SendMessage(hList,LVM_SETEXTENDEDLISTVIEWSTYLE,0,(LPARAM)LVS_EX_FULLROWSELECT);
iNumOfName=pExportDir->NumberOfNames;
for( i=0;i<pExportDir->NumberOfFunctions;i++) //i<AddressOfFunctions 中个元素个数
{
if(*pdwRvas) //AddressOfFunctions VA != NULL
{
for( j=0;j<iNumOfName;j++) // j < NumberOfNames
{
if(i==pwOrds[j]) //pwOrds is a pointer to AddressOfNameOrdinals
{
bIsByName=TRUE;
szFuncName=(char*)RvaToPtr(pNtH,stMapFile.ImageBase,pdwNames[j]);
break;
}
bIsByName=FALSE;
}
[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!
